- Home
- CVEs with nessus.description==A Bugzilla Security Advisory reports :
This advisory covers three security issues that have recently been fixed in the Bugzilla code :
- A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account.
- A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla.
- If you put a harmful 'javascript:' or 'data:' URL into Bugzilla's 'URL' field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
- Various pages lack protection against cross-site request forgeries.
All affected installations are encouraged to upgrade as soon as possible.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top